[Asterisk-Users] Anyone doing NAT through m0n0Wall?

Mark Phillips g7ltt at g7ltt.com
Thu Dec 22 05:48:22 MST 2005


Hi Folks,

I've just built myself a m0n0Wall based around a WRAP board and whilst 
it works really well for everything else I'm having some issues with 
Asterisk's NAT abilities.

Here's my setup,

A bunch of hardphones (various types) littered around the house.
SPA-3000 handles the house POTS line which forwards to extension 2005.
X-Ten Pro on my laptop for when I'm out and about.
Grandstream BT-101 at my dad's house via our cable modems.

Until replacing the Linksys with the m0n0Wall everything was working 
fine and dandy.

I have externip=g7ltt.dyndns.org set in my sip.conf file. Without it I 
could not make my dad's phone work.

With the m0n0Wall in place and the externip setting set I can make no 
calls internally but all the external phones work just fine. The reverse 
is true when I remove the externip setting; the internal phones work but 
the external ones don't.

I've done some tracing with both firewalls and have noted the following;

Linksys: externip set all SIP and IAX2 frames from * have my public 
address as the reply-to regardless of the NAT requirement of the phone 
in use. In other words it offers up the external address for internal 
calls. All data flows through the Linksys when addressed to the public 
IP address and is then forwarded back to the * server.

m0n0Wall: externip set as above and the firewall drops the packets. 
externip not set and the * NAT doesn't work.

I know that the m0n0Wall requires a rule to be added to make it work as 
before but what I don't understand is why is Asterisk forcing all calls 
to use its public IP address when externip is set?

Surely this doubles network traffic; one packet goes to the router, 
another goes from the router to the internal host. Why doesn't it go 
directly over the LAN for internal stuff?

I had assumed that the addition of a nat=yes statement in the relevant 
phone stanza would turn on or off the NAT requirement for that phone 
device but this doesn't seem to be the case.

Any ideas would be greatly appreciated.

Mark



-- 

Mark, G7LTT/KC2ENI
Randolph, NJ
http://www.g7ltt.com


